As a system administrator, we may want to keep track of authorized and unauthorized activity on your server. OSSEC may be the solution for this. It's an open source host-based intrusion detection system, which can be used for tracking server activity. When properly configured, OSSEC can perform log analysis, integrity checking, rootkit detection, time-based alerting, and many other things.